Reggie AI – Privacy Policy
February 23, 2025
- Overview HEAG respects your privacy. This Policy explains how we collect, use, and safeguard information when you use ReggieAI. This policy is supplemental to the general HEAG Privacy Policy at heag.us/privacy-policy.
- Information We Collect ReggieAI is not designed to collect or process PII or student financial aid data. Users must not upload such information.
We may collect:
- Account information (name, institutional email, role).
- Usage logs (queries, feature usage, timestamps).
- Session data and generated artifacts (checklists, audit reports, email drafts).
- Escalation logs when questions are reviewed by HEAG staff.
- Administrative activity logs (user management, corrections, QA actions).
- Aggregated analytics about platform engagement.
- How We Use Information We use this data to:
- Deliver and improve ReggieAI’s features.
- Monitor compliance, engagement, and training needs.
- Provide support when questions are escalated to HEAG experts.
- Maintain security, system performance, and auditability.
- Conduct quality assurance, including reviewing flagged conversations and corrections.
- Improve user experience.
- Provide information about relevant features, upgrades, and services.
We do not sell user data to third parties.
- Third-Party Providers To deliver ReggieAI’s features, HEAG relies on services provided by Supabase, Botpress Cloud, OpenAI, Resend, HubSpot, and Lovable, among others. These providers may process limited usage or technical data in accordance with their own privacy policies. HEAG selects vendors aligned with its security and compliance standards, but does not control their independent practices. Users are encouraged to review applicable third-party terms and policies, as use of Reggie AI may also be subject to them.
- Human Review Some user interactions, depending on subscription level and nature of the interaction, may be routed for human-in-the-loop (HITL) review when queries involve sensitive or complex compliance issues. In these cases, HEAG experts may review the question and AI response to ensure accuracy before returning the final answer. Such reviews are logged for audit and training purposes.
- Data Retention By default, chat data is retained for ninety (90) days unless otherwise required for compliance or internal QA. Escalation records, audit reports, and administrative logs may be retained longer for business or legal purposes. Users may request deletion of account information, subject to HEAG’s legal obligations.
- AI Transparency ReggieAI uses artificial intelligence to generate outputs. AI-generated responses may include errors or omissions. They are not official regulatory text and must be reviewed by users for accuracy. Complex or high-risk queries may be escalated to a human expert.
- Data Security HEAG employs TLS for data in transit, role-based access controls, row-level security on databases, audit logs, and U.S. data residency. While HEAG takes reasonable measures to safeguard account and usage data, institutions remain responsible for ensuring that no PII or sensitive student data is entered into ReggieAI.
- User Rights Users may request access, correction, or deletion of their account information by contacting info@heag.us. Depending on jurisdiction, additional rights (such as data portability or processing objections) may apply.
- Accessibility and Compliance ReggieAI is designed to be aligned with FERPA, Section 508, and WCAG 2.1 AA accessibility standards. HEAG conducts regular internal and external reviews to maintain compliance posture.
- Updates HEAG may update this Privacy Policy periodically. Continued use of ReggieAI after updates constitutes acceptance of the revised Policy.


